<form method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>
<?php
if(!isset($_FILES["file"])){
  die();
}
if ($_FILES["file"]["size"] < 2000000)
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
    $file_name = $_FILES["file"]["name"];
    if(strstr(strtolower($file_name), 'php') {
      die("hacking attempt!");
    }
    move_uploaded_file($_FILES["file"]["tmp_name"],
    "upload/" . $file_name);
    echo "Stored in: " . "upload/" . $file_name;
    }
  }
else
  {
  echo "Invalid file";
  }